Investment Advisors Beware: Ten Things OCIE Is Looking At

The SEC is increasing the number of RIA inspections by the Office of Compliance Inspections and Examinations (OCIE) and has signaled an aggressive agenda for such exams. Here is a non-exhaustive list of items a Chief Compliance Officer and his or her staff may want to consider well in advance of getting a call from OCIE:

  1. Cybersecurity Policies and Procedures: Make sure the firm’s policies are periodically reviewed and cover key issues (e.g., electronic security (passwords, encryption, “need to know” segmentation), physical security, employee training, incident response planning, and vendor due diligence).
  2. Product Selection: For both RIAs and BDs, the SEC is taking a close look at certain products (e.g., variable annuities) sold to retail investors. Ensure proper monitoring of client recommendations and allocations.
  3. Performance Advertising: Pay particular attention to the distinctions between true actual performance, model performance, and back-tested performance.
  4. Third-Party Affiliations: Disclose any business relationships with third parties (e.g., solicitor and sub-advisory relationships) and the potential conflicts they pose.
  5. Fee Structure/Reverse Churning: OCIE is looking at disclosures re: fee structure and the appropriateness of fee-based compensation (e.g., is a firm actively managing an account or just collecting fees).
  6. Custody: “Custody” is broadly defined in Rule 206(4)-2. Firms that have custody need to comply with the Rule’s requirements (e.g., hire an independent CPA to conduct an annual surprise audit).
  7. Code of Ethics/Insider Trading: Make sure the Code is up to date and has adequate personal trading and disclosure restrictions.
  8. Best Execution: If the firm has authority to pick BDs, make sure to disclose how the firm selects BDs and any “soft dollar” arrangements.
  9. Principal Trading: Disclose it; make sure Rule 3T is being followed.
  10. Anti-Money Laundering Policies: For firms that are also BDs, make sure to have AML policies and procedures designed to pick up on suspicious activity (e.g., lots of relatively small transactions).